LOGalyze

Oracle Audit Trail analyzer

LOGalyze is an Oracle Audit Trail analyzer. It can collect Oracle audit trails from the aud$ table, or identify and parse audit trails sent via syslog (Oracle 11 and newer).

Sample Audit trail via syslog:

ACTION: 3 SELECT

Apr 14 14:25:57 oradb-server Audit[1511436]: LENGTH: "246" SESSIONID:[8] "72116485" ENTRYID:[1] "1" STATEMENT:[1] "1"
USERID:[6] "SYSMAN" USERHOST:[7] "myhost" TERMINAL:[8] "UNKNOWN" ACTION:[1] "3" RETURNCODE:[1] "0"
OBJ$CREATOR:[3] "SYS" OBJ$NAME:[5] "LINK$" OS$USERID:[6] "oracle" PRIV$USED:[3] "237"

LOGalyze supports the following Oracle Event Classes:

  • User
  • Role
  • Profile
  • Data
  • Object Privilege
  • User/Role Privilege
  • System Privilege

LOGalyze parses the following fields from Oracle audit trails:

  • sessionid
  • entryid
  • statement
  • userid
  • userhost
  • terminal
  • action
  • returncode
  • obj_creator
  • obj_name
  • os_userid
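
The following parser for the syslog record format in the sample above is an added example, not LOGalyze's own code. It extracts the listed fields and reports duplicated keys and values whose length differs from the bracketed number. The names `parse_audit`, `FIELDS`, `HEADER` and `PAIR` are hypothetical, and reading the bracketed number as the declared value length is an assumption.

```python
import re

# Audit-record keys mapped to the field names listed above.
FIELDS = {
    "SESSIONID": "sessionid", "ENTRYID": "entryid", "STATEMENT": "statement",
    "USERID": "userid", "USERHOST": "userhost", "TERMINAL": "terminal",
    "ACTION": "action", "RETURNCODE": "returncode", "OBJ$CREATOR": "obj_creator",
    "OBJ$NAME": "obj_name", "OS$USERID": "os_userid",
}
# Syslog prefix as in the sample: "Apr 14 14:25:57 oradb-server Audit[1511436]: "
HEADER = re.compile(r'^(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\sAudit\[(\d+)\]:\s')
# KEY:[n] "value" (LENGTH has no [n]). Assumption: n is the declared value length.
PAIR = re.compile(r'([A-Z][A-Z$_]*):(?:\[(\d+)\])?\s+"([^"]*)"')

# The page's sample record, joined onto one line.
SAMPLE = (
    'Apr 14 14:25:57 oradb-server Audit[1511436]: LENGTH: "246" '
    'SESSIONID:[8] "72116485" ENTRYID:[1] "1" STATEMENT:[1] "1" '
    'USERID:[6] "SYSMAN" USERHOST:[7] "myhost" TERMINAL:[8] "UNKNOWN" '
    'ACTION:[1] "3" RETURNCODE:[1] "0" OBJ$CREATOR:[3] "SYS" '
    'OBJ$NAME:[5] "LINK$" OS$USERID:[6] "oracle" PRIV$USED:[3] "237"'
)

def parse_audit(line):
    """Return (event, issues), or None when the line is not an audit record."""
    header = HEADER.match(line)
    if header is None:
        return None
    event = {"timestamp": header.group(1), "host": header.group(2),
             "pid": int(header.group(3))}
    issues = []  # (field, reason) pairs worth a second look before alerting
    for key, declared, value in PAIR.findall(line[header.end():]):
        name = FIELDS.get(key)
        if name is None:
            continue  # LENGTH, PRIV$USED and other keys outside the list
        if name in event:
            issues.append((name, "duplicate"))  # keep the first occurrence
            continue
        event[name] = value
        if declared and int(declared) != len(value):
            issues.append((name, "length"))
    return event, issues

if __name__ == "__main__":
    event, issues = parse_audit(SAMPLE)
    print(event)
    print(issues)
```

On the page's sample, `userhost` and `terminal` are reported with reason `length`, because the bracketed numbers (7 and 8) differ from the lengths of the values as printed.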

 
